Breaking SSL Why leave to others what you can do yourself?

Size: px

Start display at page:

Download "Breaking SSL Why leave to others what you can do yourself?"

John Newton
6 years ago
Views:

1 Breaking SSL Why leave to others what you can do yourself? By Ivan Ristic 1/ 26

2 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2/ 33 Security (O Reilly, 2005), 3) SSL Labs (research and assessment platform), 4) ModSecurity Handbook (Feisty Duck, 2010) 2/ 26

3 SSL and TLS 1) Very well designed 2) Very widely used 3) Security backbone of the Internet 3/ 33 4) Secure on its own 5) Easily compromised when used with HTTP 6) Few people pay attention to it 3/ 26

4 Why was SSL in the news recently? 2008 MD5 collision and rogue CA generation (Sotirov et al.) 2009 NUL byte certificate attacks 4/ 33 (Moxie & Kaminsky separately) 2009 Authentication Gap (Marsh Ray) (And a couple of other, smaller, issues. Did someone mention SSL VPNs?) 4/ 26

5 Moxie Marlinspike If you need convincing how easy it is to defeat SSL, look for Moxie s sslstrip and sslsniff tools. 5/ 33 5/ 26

6 Principal Active Threats Man-in-the-middle (MITM) attacks: Rogue CA certificates Implementation 6/ 33 flaws App and configuration vulnerabilities Usability issues Rogue certificate authorities! 6/ 26

7 SSL Threat Model (Get it from ssllabs.com.) 7/ 33 7/ 26

8 SSL Labs Dedicated to SSL/TLS research. Lots of interesting projects. 8/ 33 NOW FUNDED BY 8/ 26

9 SSL Server Assessment The most popular part of the site is the free SSL Sever Assessment tool. 9/ 33 9/ 26

10 SSL Server Assessment The most comprehensive assessment available. 10 / / 26

11 SSL Labs projects SSL Server Security Rating Guide SSL Server Security Online Assessment SSL Threat Model 11 / 33 Passive SSL Client Fingerprinting tools Planned: SSL Client Capabilities Database SSL Usage Tracking SSL Internet Survey (in progress!) 11 / 26

12 Feature Presentation SSL Deployment 12 / 33 Mistakes 12 / 26

13 1 Inconsistent DNS configuration Your address points to one web server, while example.com points to another It surprising how many high-profile sites suffer 13 / 33 from this problem 13 / 26

14 What does microsoft.com look like? 14 / / 26

15 2 Different sites on 80 and 443 You type and expect to see the same site as on This is the fate 15 / of every single site that uses 33 virtual hosting Would you mind if questionable content appeared on 15 / 26

16 3 Using incomplete certificates You type and expect to see the same site as on Very confusing for users 16 / / 26

17 4 Self-signed certificates Self-signed certificates are spoiling SSL security for all of us They are insecure 17 / 33 We are teaching users to ignore warnings It s cheaper to buy a certificate than support a self-signed one 17 / 26

18 5 Own CA certificates You configure a web site, don t want to pay small $ for a proper certificate, but don t mind spending a lot of time creating a custom CA?! 18 / Encouraging others 33 to use your CA root is terribly insecure How well is your CA root protected? Any CA root can sign any site! 18 / 26

19 6 Mixing SSL and plain-text on a site Difficult to implement securely Leads to user session compromise Trivial for the 19 man / 33 in the middle to use sslstrip to convert HTTPS links to HTTP Even redirections problematic only secure bookmarks work 19 / 26

20 7 Using SSL for important bits Some sites will use SSL to protect authentication and nothing else They are vulnerable to session hijacking 20 / 33 Some even allow users to change password without knowing the old ones 20 / 26

21 8 Not using secure cookies Secure cookies are transmitted only over SSL Even if your site does not use plain-text anywhere (and does not even run on port 80), 21 / browsers can be tricked 33 into revealing nonsecure cookies by a MITM attacker You must use secure cookies everywhere 21 / 26

22 9 Mixed page content A single plain-text link is enough to compromise the entire secure SSL site 22 / / 26

23 10 Not using an EV certificate High-value web sites will often be a target of phishing attacks It is easy to mistype and end up at the wrong 23 / place, even if you 33 are en experienced user The green glow helps ensure your users that they are in the right place 23 / 26

24 Core Issues 1) Browsers accept invalid certificates 2) Insufficient security indications 3) Decoupled nature of HTTP and SSL 24 / 33 4) No broad support for virtual SSL hosting 5) Some sites use SSL some don t 6) The burden of security is on users 24 / 26

25 Message for today SSL is a rare application security area where we can make things 100% secure, with relatively small effort. Why not get it right? 25 / 26

26 Thank you! The slides are available for download from 26 / 26

How to Render SSL Useless. Render SSL Useless. By Ivan Ristic 1 / 27

How to Render SSL Useless. Render SSL Useless. By Ivan Ristic 1 / 27 How to Render SSL Useless By Ivan Ristic 1 / 27 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2 / 33 Security (O Reilly, 2005), 3) SSL Labs (research and assessment